package com.xunyji.springsecurity02.controller;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author 王杨帅
 * @create 2018-09-08 21:17
 * @desc
 **/
@RestController
@RequestMapping(value = "/test")
@Slf4j
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启授权
public class TestController {

    @GetMapping(value = "/home")
    public String home() {
        String info = "寻渝记主页面";
        log.info(info);
        return info;
    }

    @PreAuthorize("hasRole('ROLE_BOSS')") // 拥有ROLE_BOSS角色的用户可以访问
    @GetMapping(value = "/boss")
    public String boss() {
        String info = "拥有ROLE_BOSS权限的才可以进入";
        log.info(info);
        return info;
    }

    @PreAuthorize("hasRole('ROLE_BOSS') OR hasRole('ROLE_ADMIN')")
    @GetMapping(value = "/admin")
    public String admin() {
        String info = "拥有ROLE_ADMIN权限的才可以进入";
        log.info(info);
        return info;
    }

    @PreAuthorize("hasRole('ROLE_BOSS') OR hasRole('ROLE_ADMIN') OR hasRole('ROLE_USER')")
    @GetMapping(value = "/user")
    public String user() {
        String info = "拥有ROLE_USER权限的才可以进入";
        log.info(info);
        return info;
    }

}

